Securing stream buffers
Abstract
Described are examples for securing stream data received from a stream source. A secure mode can be enabled, based on a request from an application, for storing the stream data captured from the stream source in a secured buffer. The secured buffer can be allocated in a secure memory based at least in part on enabling the secure mode. A secured buffer identifier of the secured buffer can be provided to a driver of a device providing the stream source for storing the stream data captured from the stream source in the secured buffer. The secured buffer identifier of the secured buffer can also be provided to the application for accessing the stream data stored in the secured buffer.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A method for securing stream data received from a stream source, comprising:
enabling, based on a request from an application executing on an operating system, a secure mode of the operating system for storing the stream data captured from the stream source in a secured buffer;
allocating, based at least in part on enabling the secure mode, the secured buffer in a secure memory;
providing, based at least in part on enabling the secure mode, a secured buffer identifier of the secured buffer to a driver of a device providing the stream source, wherein the driver executes in a kernel mode of the operating system to receive stream data from the stream source and store the stream data in the secured buffer based on the secured buffer identifier; and
providing, based at least in part on enabling the secure mode, the secured buffer identifier of the secured buffer to the application, wherein the application accesses the stream data stored in the secured buffer based on the secured buffer identifier.
2. The method of claim 1 , further comprising:
enabling a driver secure mode at the driver of the device based at least in part on enabling the secure mode; and
causing the driver to store the stream data in the secured buffer based at least in part on providing, by the driver, the secured buffer identifier to a secure framework component, wherein the secure framework component has access to the secure memory in a secure kernel mode.
3. The method of claim 2 , wherein allocating the secured buffer comprises receiving a plurality of secured buffer identifiers from the secure framework component, and further comprising selecting the secured buffer identifier from the plurality of secured buffer identifiers.
4. The method of claim 2 , wherein the secure framework component stores the stream data in the secured buffer at a location corresponding to the secured buffer identifier.
5. The method of claim 1 , further comprising:
retrieving, by the application, the stream data from the secured buffer based at least in part on providing the secured buffer identifier to a secure framework component, wherein the secure framework component has access to the secure memory in a secure kernel mode.
6. The method of claim 1 , further comprising:
allocating a non-secured buffer for the stream data based on a request from a second application for non-secured use of the device;
causing the driver to store the stream data in the secured buffer; and
causing the driver to store the stream data in the non-secured buffer for access by the second application.
7. The method of claim 1 , wherein the device is a camera, and the request from the application corresponds to performing face authentication by the application.
8. A device for securing stream data received from a stream source, comprising:
a memory storing one or more parameters or instructions for executing a stream server, wherein the stream server interfaces with the stream source; and
at least one processor coupled to the memory, wherein the at least one processor is configured to:
enable, based on a request from an application executing on an operating system, a secure mode of the operating system for storing the stream data captured from the stream source in a secured buffer;
allocate, based at least in part on enabling the secure mode, the secured buffer in a secure memory;
provide, based at least in part on enabling the secure mode, a secured buffer identifier of the secured buffer to a driver of a device providing the stream source, wherein the driver executes in a kernel mode of the operating system to receive stream data from the stream source and store the stream data in the secured buffer based on the secured buffer identifier; and
provide, based at least in part on enabling the secure mode, the secured buffer identifier of the secured buffer to the application, wherein the application accesses the stream data stored in the secured buffer based on the secured buffer identifier.
9. The device of claim 8 , wherein the at least one processor is further configured to:
enable a driver secure mode at the driver of the device based at least in part on enabling the secure mode; and
cause the driver to store the stream data in the secured buffer based at least in part on providing, by the driver, the secured buffer identifier to a secure framework component, wherein the secure framework component has access to the secure memory in a secure kernel mode.
10. The device of claim 9 , wherein the at least one processor is further configured to receive a plurality of secured buffer identifiers from the secure framework component, and select the secured buffer identifier from the plurality of secured buffer identifiers.
11. The device of claim 9 , wherein the secure framework component stores the stream data in the secured buffer at a location corresponding to the secured buffer identifier.
12. The device of claim 8 , wherein the at least one processor is further configured to:
retrieve, by the application, the stream data from the secured buffer based at least in part on providing the secured buffer identifier to a secure framework component, wherein the secure framework component has access to the secure memory in a secure kernel mode.
13. The device of claim 8 , wherein the at least one processor is further configured to:
allocate a non-secured buffer for the stream data based on a request from a second application for non-secured use of the device;
cause the driver to store the stream data in the secured buffer; and
cause the driver to store the stream data in the non-secured buffer for access by the second application.
14. The device of claim 8 , wherein the device is a camera, and the request from the application corresponds to performing face authentication by the application.
15. A non-transitory computer-readable medium, comprising code executable by one or more processors for securing stream data received from a stream source, the code comprising code for:
enabling, based on a request from an application executing on an operating system, a secure mode of the operating system for storing the stream data captured from the stream source in a secured buffer;
allocating, based at least in part on enabling the secure mode, the secured buffer in a secure memory;
providing, based at least in part on enabling the secure mode, a secured buffer identifier of the secured buffer to a driver of a device providing the stream source, wherein the driver executes in a kernel mode of the operating system to receive stream data from the stream source and store the stream data in the secured buffer based on the secured buffer identifier; and
providing, based at least in part on enabling the secure mode, the secured buffer identifier of the secured buffer to the application, wherein the application accesses the stream data stored in the secured buffer based on the secured buffer identifier.
16. The non-transitory computer-readable medium of claim 15 , further comprising code for:
enabling a driver secure mode at the driver of the device based at least in part on enabling the secure mode; and
causing the driver to store the stream data in the secured buffer based at least in part on providing, by the driver, the secured buffer identifier to a secure framework component, wherein the secure framework component has access to the secure memory in a secure kernel mode.
17. The non-transitory computer-readable medium of claim 16 , wherein code for allocating further receives a plurality of secured buffer identifiers from the secure framework component, and wherein the code for storing selects the secured buffer identifier from the plurality of secured buffer identifiers.
18. The non-transitory computer-readable medium of claim 15 , further comprising code for:
retrieving, by the application, the stream data from the secured buffer based at least in part on providing the secured buffer identifier to a secure framework component, wherein the secure framework component has access to the secure memory in a secure kernel mode.
19. The non-transitory computer-readable medium of claim 15 , further comprising code for:
allocating a non-secured buffer for the stream data based on a request from a second application for non-secured use of the device;
causing the driver to store the stream data in the secured buffer; and
causing the driver to store the stream data in the non-secured buffer for access by the second application.
20. The non-transitory computer-readable medium of claim 15 , wherein the device is a camera, and the request from the application corresponds to performing face authentication by the application.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.